CISSP-ISSAP · Question #44
Which of the following processes identifies the threats that can impact the business continuity of operations?
The correct answer is C. Business impact analysis. Business Impact Analysis (BIA) is the process specifically designed to identify threats and disruptions that can affect business continuity - it evaluates which business functions are critical, how long they can tolerate downtime, and what the operational and financial consequenc
Question
Which of the following processes identifies the threats that can impact the business continuity of operations?
Options
- AFunction analysis
- BRisk analysis
- CBusiness impact analysis
- DRequirement analysis
How the community answered
(69 responses)- A1% (1)
- B4% (3)
- C87% (60)
- D7% (5)
Explanation
Business Impact Analysis (BIA) is the process specifically designed to identify threats and disruptions that can affect business continuity - it evaluates which business functions are critical, how long they can tolerate downtime, and what the operational and financial consequences of disruption would be.
Why the distractors are wrong:
- A. Function analysis - examines what a system or process does, not the threats against it; it's more about decomposing system behavior.
- B. Risk analysis - identifies and evaluates general risks (likelihood × impact), but it is broader in scope and not specifically tied to business continuity operations the way BIA is.
- D. Requirement analysis - focuses on defining what a system or project needs to accomplish; it has no direct relationship to continuity threats.
Memory tip: Think of BIA = "Business Impact = Attacks/threats" - the word impact signals consequences to the business, making it the natural home for continuity threat identification. If a question mentions business continuity + identifying threats/disruptions, BIA is almost always the answer.
Topics
Community Discussion
No community discussion yet for this question.